From 49dde03c2ece9af3caaaf3b734ae1c3e1546f0de Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 3 Apr 2024 16:10:49 +0200 Subject: Update CVE data based on latest stable releases. Signed-off-by: Greg Kroah-Hartman --- cve/published/2024/CVE-2024-26584.json | 17 +++++++++- cve/published/2024/CVE-2024-26584.mbox | 2 ++ cve/published/2024/CVE-2024-26585.json | 17 +++++++++- cve/published/2024/CVE-2024-26585.mbox | 6 ++-- cve/published/2024/CVE-2024-26642.json | 47 +++++++++++++++++++++++++- cve/published/2024/CVE-2024-26642.mbox | 19 ++++------- cve/published/2024/CVE-2024-26643.json | 45 +++++++++++++++++++++--- cve/published/2024/CVE-2024-26643.mbox | 7 +++- cve/published/2024/CVE-2024-26653.json | 32 +++++++++++++++++- cve/published/2024/CVE-2024-26653.mbox | 17 +++------- cve/published/2024/CVE-2024-26654.json | 62 +++++++++++++++++++++++++++++++++- cve/published/2024/CVE-2024-26654.mbox | 21 +++++------- cve/published/2024/CVE-2024-26655.json | 32 +++++++++++++++++- cve/published/2024/CVE-2024-26655.mbox | 17 +++------- cve/published/2024/CVE-2024-26656.json | 47 +++++++++++++++++++++++++- cve/published/2024/CVE-2024-26656.mbox | 19 ++++------- cve/published/2024/CVE-2024-26657.json | 32 +++++++++++++++++- cve/published/2024/CVE-2024-26657.mbox | 17 +++------- 18 files changed, 368 insertions(+), 88 deletions(-) diff --git a/cve/published/2024/CVE-2024-26584.json b/cve/published/2024/CVE-2024-26584.json index 406d4ab2..59aa6ef0 100644 --- a/cve/published/2024/CVE-2024-26584.json +++ b/cve/published/2024/CVE-2024-26584.json @@ -17,6 +17,12 @@ "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "94524d8fc965", + "lessThan": "cd1bbca03f3c", + "status": "affected", + "versionType": "git" + }, { "version": "94524d8fc965", "lessThan": "13eca403876b", 
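Review bot: The git range added to CVE-2024-26584.json starts at `94524d8fc965`, but the .mbox for the same CVE in this commit names `a54667f6728c` (4.16) as the introducing commit for the same fix, `cd1bbca03f3c`. The new entry follows the existing entries in the file, so the disagreement predates this change, but a consumer matching on git hashes gets a different lower bound from each artifact. The same mismatch appears in the first added entry of CVE-2024-26643.json, where `1e4c03d530d8` is paired with fix `406b0241d0eb` while its .mbox lists `ea3eb9f2192e` (6.1.56). If both hashes are legitimate (for example, a multi-commit introduction), the record should say so; otherwise both outputs should be generated from the same value.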
@@ -53,6 +59,12 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.6.18", "lessThanOrEqual": "6.6.*", @@ -75,6 +87,9 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72" + }, { "url": "https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754" }, @@ -87,7 +102,7 @@ ], "title": "net: tls: handle backlogging of crypto requests", "x_generator": { - "engine": "bippy-8df59b4913de" + "engine": "bippy-d3b290d2becc" } } }, diff --git a/cve/published/2024/CVE-2024-26584.mbox b/cve/published/2024/CVE-2024-26584.mbox index 6ecfe2c9..04ac0ecd 100644 --- a/cve/published/2024/CVE-2024-26584.mbox +++ b/cve/published/2024/CVE-2024-26584.mbox @@ -31,6 +31,7 @@ The Linux kernel CVE team has assigned CVE-2024-26584 to this issue. Affected and fixed versions =========================== + Issue introduced in 4.16 with commit a54667f6728c and fixed in 6.1.84 with commit cd1bbca03f3c Issue introduced in 4.16 with commit a54667f6728c and fixed in 6.6.18 with commit 13eca403876b Issue introduced in 4.16 with commit a54667f6728c and fixed in 6.7.6 with commit ab6397f072e5 Issue introduced in 4.16 with commit a54667f6728c and fixed in 6.8 with commit 859054147318 @@ -62,6 +63,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72 https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754 https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694 https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3 
diff --git a/cve/published/2024/CVE-2024-26585.json b/cve/published/2024/CVE-2024-26585.json index 723303d9..472761dc 100644 --- a/cve/published/2024/CVE-2024-26585.json +++ b/cve/published/2024/CVE-2024-26585.json @@ -17,6 +17,12 @@ "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "a42055e8d2c3", + "lessThan": "196f198ca6fc", + "status": "affected", + "versionType": "git" + }, { "version": "a42055e8d2c3", "lessThan": "6db22d6c7a6d", @@ -53,6 +59,12 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.6.18", "lessThanOrEqual": "6.6.*", @@ -75,6 +87,9 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d" + }, { "url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146" }, @@ -87,7 +102,7 @@ ], "title": "tls: fix race between tx work scheduling and socket close", "x_generator": { - "engine": "bippy-8df59b4913de" + "engine": "bippy-d3b290d2becc" } } }, diff --git a/cve/published/2024/CVE-2024-26585.mbox b/cve/published/2024/CVE-2024-26585.mbox index 0400054b..2f63f11c 100644 --- a/cve/published/2024/CVE-2024-26585.mbox +++ b/cve/published/2024/CVE-2024-26585.mbox @@ -1,4 +1,4 @@ -From bippy-8df59b4913de Mon Sep 17 00:00:00 2001 +From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman To: Reply-to: , 
@@ -23,11 +23,12 @@ The Linux kernel CVE team has assigned CVE-2024-26585 to this issue. Affected and fixed versions =========================== + Issue introduced in 4.20 with commit a42055e8d2c3 and fixed in 6.1.84 with commit 196f198ca6fc Issue introduced in 4.20 with commit a42055e8d2c3 and fixed in 6.6.18 with commit 6db22d6c7a6d Issue introduced in 4.20 with commit a42055e8d2c3 and fixed in 6.7.6 with commit e327ed60bff4 Issue introduced in 4.20 with commit a42055e8d2c3 and fixed in 6.8 with commit e01e3934a1b2 -Please see https://www.kernel.org or a full list of currently supported +Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to @@ -54,6 +55,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146 https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57 https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb diff --git a/cve/published/2024/CVE-2024-26642.json b/cve/published/2024/CVE-2024-26642.json index 9a533e80..21ac4cb7 100644 --- a/cve/published/2024/CVE-2024-26642.json +++ b/cve/published/2024/CVE-2024-26642.json 
@@ -17,6 +17,24 @@ "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "761da2935d6e", + "lessThan": "72c1efe3f247", + "status": "affected", + "versionType": "git" + }, + { + "version": "761da2935d6e", + "lessThan": "c0c2176d1814", + "status": "affected", + "versionType": "git" + }, + { + "version": "761da2935d6e", + "lessThan": "8e07c1669558", + "status": "affected", + "versionType": "git" + }, { "version": "761da2935d6e", "lessThan": "16603605b667", @@ -41,6 +59,24 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.8", "lessThanOrEqual": "*", @@ -51,13 +87,22 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a" + }, + { + "url": "https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12" + }, + { + "url": "https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7" + }, { "url": "https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1" } ], "title": "netfilter: nf_tables: disallow anonymous set with timeout flag", "x_generator": { - "engine": "bippy-b4257b672505" + "engine": "bippy-d3b290d2becc" } } }, diff --git a/cve/published/2024/CVE-2024-26642.mbox b/cve/published/2024/CVE-2024-26642.mbox index 974ac54e..eb59b56d 100644 --- a/cve/published/2024/CVE-2024-26642.mbox +++ b/cve/published/2024/CVE-2024-26642.mbox @@ -1,19 +1,8 @@ -From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2024-26642: netfilter: nf_tables: disallow anonymous set with timeout flag -Message-Id: <2024032150-CVE-2024-26642-3549@gregkh> -Content-Length: 1589 -Lines: 46 -X-Developer-Signature: v=1; a=openpgp-sha256; l=1636; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=j+7KmxAjGaKj6VQuNJURqHuROnpQxkNuJ3Cbt0QS7l4=; - b=owGbwMvMwCRo6H6F97bub03G02pJDKl/+NOmRq95I/VnfaP40kaxTBu1pUZxLv0vZtr838pUv - 0N5scT6jlgWBkEmBlkxRZYv23iO7q84pOhlaHsaZg4rE8gQBi5OAZiIrBPDfF/HIkl+QbHnF5bu - mnrZOaVOdHHJHoYF0xwFzqvNEr3he89cvlp2ruCEzwtkAQ== -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -31,6 +20,9 @@ The Linux kernel CVE team has assigned CVE-2024-26642 to this issue. Affected and fixed versions =========================== + Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.1.84 with commit 72c1efe3f247 + Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.6.24 with commit c0c2176d1814 + Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.7.12 with commit 8e07c1669558 Issue introduced in 4.1 with commit 761da2935d6e and fixed in 6.8 with commit 16603605b667 Please see https://www.kernel.org for a full list of currently supported @@ -60,4 +52,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a + https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12 + https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7 https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1 diff --git a/cve/published/2024/CVE-2024-26643.json b/cve/published/2024/CVE-2024-26643.json index 5ece75ed..d42bb041 100644 
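Review bot: The regenerated header block in CVE-2024-26642.mbox drops `Message-Id`, `X-Developer-Signature` and `X-Developer-Key`, so the stored announcement no longer carries the OpenPGP attestation or the identifier of the mail that was sent. Anyone verifying the repository copy against the key fingerprint, or correlating it with the list archive, loses that anchor. The same removal happens in the first hunks of CVE-2024-26653.mbox, CVE-2024-26654.mbox, CVE-2024-26655.mbox, CVE-2024-26656.mbox and CVE-2024-26657.mbox. Presumably these headers are added at send time and the update rewrote the whole file. If so, the update should regenerate only the body and keep the existing header lines, or the updated mails should be re-signed before they are committed.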
--- a/cve/published/2024/CVE-2024-26643.json +++ b/cve/published/2024/CVE-2024-26643.json @@ -17,6 +17,24 @@ "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "1e4c03d530d8", + "lessThan": "406b0241d0eb", + "status": "affected", + "versionType": "git" + }, + { + "version": "5f68718b34a5", + "lessThan": "b2d6f9a5b1cf", + "status": "affected", + "versionType": "git" + }, + { + "version": "5f68718b34a5", + "lessThan": "5224afbc30c3", + "status": "affected", + "versionType": "git" + }, { "version": "5f68718b34a5", "lessThan": "552705a3650b", @@ -32,12 +50,20 @@ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ { - "version": "6.5", - "status": "affected" + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" }, { - "version": "0", - "lessThan": "6.5", + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom" }, @@ -51,13 +77,22 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163" + }, + { + "url": "https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1" + }, + { + "url": "https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8" + }, { "url": "https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36" } ], "title": "netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout", "x_generator": { - "engine": "bippy-b4257b672505" + "engine": "bippy-d3b290d2becc" } } }, diff --git a/cve/published/2024/CVE-2024-26643.mbox b/cve/published/2024/CVE-2024-26643.mbox index 9868338b..fafaed0a 100644 --- a/cve/published/2024/CVE-2024-26643.mbox +++ b/cve/published/2024/CVE-2024-26643.mbox 
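Review bot: The second hunk of CVE-2024-26643.json removes the entries `"version": "6.5", "status": "affected"` and `"version": "0", "lessThan": "6.5", "status": "unaffected"` without adding a replacement lower bound. Every release below the listed fixed versions therefore falls back to `defaultStatus`, which sits just above the hunk and is not visible here. The .mbox for this CVE gives per-branch introduction points (5.4.262, 5.10.198, 5.15.134, 6.1.56, 6.4.11), and none of them appears in the visible part of the `versions` array, so a scanner reading this record likely cannot tell 6.1.55 from 6.1.56. Consider emitting explicit ranges such as `{ "version": "6.1.56", "lessThan": "6.1.84", "status": "affected", "versionType": "custom" }` for each branch, and stating the status of releases older than the first backport.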
@@ -34,11 +34,13 @@ The Linux kernel CVE team has assigned CVE-2024-26643 to this issue. Affected and fixed versions =========================== + Issue introduced in 6.1.56 with commit ea3eb9f2192e and fixed in 6.1.84 with commit 406b0241d0eb + Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.6.24 with commit b2d6f9a5b1cf + Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.7.12 with commit 5224afbc30c3 Issue introduced in 6.5 with commit 5f68718b34a5 and fixed in 6.8 with commit 552705a3650b Issue introduced in 5.4.262 with commit bbdb3b65aa91 Issue introduced in 5.10.198 with commit 448be0774882 Issue introduced in 5.15.134 with commit d19e8bf3ea41 - Issue introduced in 6.1.56 with commit ea3eb9f2192e Issue introduced in 6.4.11 with commit 0624f190b574 Please see https://www.kernel.org for a full list of currently supported @@ -68,4 +70,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163 + https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1 + https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8 https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36 diff --git a/cve/published/2024/CVE-2024-26653.json b/cve/published/2024/CVE-2024-26653.json index 2d251b4f..a47ec603 100644 --- a/cve/published/2024/CVE-2024-26653.json +++ b/cve/published/2024/CVE-2024-26653.json 
@@ -17,6 +17,18 @@ "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "acd6199f195d", + "lessThan": "420babea4f18", + "status": "affected", + "versionType": "git" + }, + { + "version": "acd6199f195d", + "lessThan": "8a9f653cc852", + "status": "affected", + "versionType": "git" + }, { "version": "acd6199f195d", "lessThan": "7c9631969287", @@ -41,6 +53,18 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.9-rc2", "lessThanOrEqual": "*", @@ -51,13 +75,19 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/420babea4f1881a7c4ea22a8e218b8c6895d3f21" + }, + { + "url": "https://git.kernel.org/stable/c/8a9f653cc852677003c23ee8075e3ed8fb4743c9" + }, { "url": "https://git.kernel.org/stable/c/7c9631969287a5366bc8e39cd5abff154b35fb80" } ], "title": "usb: misc: ljca: Fix double free in error handling path", "x_generator": { - "engine": "bippy-b4257b672505" + "engine": "bippy-d3b290d2becc" } } }, diff --git a/cve/published/2024/CVE-2024-26653.mbox b/cve/published/2024/CVE-2024-26653.mbox index af85e5d4..241a1eae 100644 --- a/cve/published/2024/CVE-2024-26653.mbox +++ b/cve/published/2024/CVE-2024-26653.mbox @@ -1,19 +1,8 @@ -From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2024-26653: usb: misc: ljca: Fix double free in error handling path -Message-Id: <2024040122-CVE-2024-26653-7903@gregkh> -Content-Length: 1960 -Lines: 54 -X-Developer-Signature: v=1; a=openpgp-sha256; l=2015; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=om3r1qWmjbshIkz+xjd1ihqhbPFHF/nQVpwJA7GTON0=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGlchcGuvzJOV1llrrRS98kxvq0R8N1iQ2RN87OgBvaFg - QHrTizuiGVhEGRikBVTZPmyjefo/opDil6Gtqdh5rAygQxh4OIUgIm8KGBYcK5v663cRxcSpBz4 - M94fNxIyZPuiyTCT8bWM+w2eyqSDvYt/+DdMe9B9dtZhAA== -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -39,6 +28,8 @@ The Linux kernel CVE team has assigned CVE-2024-26653 to this issue. Affected and fixed versions =========================== + Issue introduced in 6.7 with commit acd6199f195d and fixed in 6.7.12 with commit 420babea4f18 + Issue introduced in 6.7 with commit acd6199f195d and fixed in 6.8.3 with commit 8a9f653cc852 Issue introduced in 6.7 with commit acd6199f195d and fixed in 6.9-rc2 with commit 7c9631969287 Please see https://www.kernel.org for a full list of currently supported @@ -68,4 +59,6 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/420babea4f1881a7c4ea22a8e218b8c6895d3f21 + https://git.kernel.org/stable/c/8a9f653cc852677003c23ee8075e3ed8fb4743c9 https://git.kernel.org/stable/c/7c9631969287a5366bc8e39cd5abff154b35fb80 diff --git a/cve/published/2024/CVE-2024-26654.json b/cve/published/2024/CVE-2024-26654.json index d743c146..f5033b97 100644 --- a/cve/published/2024/CVE-2024-26654.json +++ b/cve/published/2024/CVE-2024-26654.json 
@@ -17,6 +17,30 @@ "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "198de43d758c", + "lessThan": "9d66ae0e7bb7", + "status": "affected", + "versionType": "git" + }, + { + "version": "198de43d758c", + "lessThan": "61d4787692c1", + "status": "affected", + "versionType": "git" + }, + { + "version": "198de43d758c", + "lessThan": "e955e8a7f38a", + "status": "affected", + "versionType": "git" + }, + { + "version": "198de43d758c", + "lessThan": "3c907bf56905", + "status": "affected", + "versionType": "git" + }, { "version": "198de43d758c", "lessThan": "051e0840ffa8", @@ -41,6 +65,30 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.1.84", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.9-rc2", "lessThanOrEqual": "*", @@ -51,13 +99,25 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046" + }, + { + "url": "https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901" + }, + { + "url": "https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3" + }, + { + "url": "https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04" + }, { "url": "https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457" } ], "title": "ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs", "x_generator": { - "engine": "bippy-b4257b672505" + "engine": "bippy-d3b290d2becc" } } }, 
diff --git a/cve/published/2024/CVE-2024-26654.mbox b/cve/published/2024/CVE-2024-26654.mbox index 8f4fe468..2bed24eb 100644 --- a/cve/published/2024/CVE-2024-26654.mbox +++ b/cve/published/2024/CVE-2024-26654.mbox @@ -1,19 +1,8 @@ -From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2024-26654: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs -Message-Id: <2024040142-CVE-2024-26654-aa6c@gregkh> -Content-Length: 2662 -Lines: 68 -X-Developer-Signature: v=1; a=openpgp-sha256; l=2731; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=Z5AEasqUQCiE+PcDVLJ5NJVwHh5dzu4E0kgj6Ctejkg=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGlchfcuvbr6RK8hqqZhhtXFR0rnXmiw3Jy5QNaO78Aaj - gN8Lnd2dcSyMAgyMciKKbJ82cZzdH/FIUUvQ9vTMHNYmUCGMHBxCsBE8hIY5in7ujjr2Dg/fvud - 7WhgjKtS3YSSHIY5fEmOW54KaH/Oz8rs5g1t3arMVxABAA== -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -53,6 +42,10 @@ The Linux kernel CVE team has assigned CVE-2024-26654 to this issue. Affected and fixed versions =========================== + Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.1.84 with commit 9d66ae0e7bb7 + Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.6.24 with commit 61d4787692c1 + Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.7.12 with commit e955e8a7f38a + Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.8.3 with commit 3c907bf56905 Issue introduced in 2.6.23 with commit 198de43d758c and fixed in 6.9-rc2 with commit 051e0840ffa8 Please see https://www.kernel.org for a full list of currently supported 
@@ -82,4 +75,8 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046 + https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901 + https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3 + https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04 https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457 diff --git a/cve/published/2024/CVE-2024-26655.json b/cve/published/2024/CVE-2024-26655.json index 75f6abc6..3f14a634 100644 --- a/cve/published/2024/CVE-2024-26655.json +++ b/cve/published/2024/CVE-2024-26655.json @@ -17,6 +17,18 @@ "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "60c6946675fc", + "lessThan": "a88649b49523", + "status": "affected", + "versionType": "git" + }, + { + "version": "60c6946675fc", + "lessThan": "0200dd7ed233", + "status": "affected", + "versionType": "git" + }, { "version": "60c6946675fc", "lessThan": "5b4cdd9c5676", @@ -41,6 +53,18 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.9-rc2", "lessThanOrEqual": "*", 
@@ -51,13 +75,19 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/a88649b49523e8cbe95254440d803e38c19d2341" + }, + { + "url": "https://git.kernel.org/stable/c/0200dd7ed2335469955d7e69cc1a6fa7df1f3847" + }, { "url": "https://git.kernel.org/stable/c/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8" } ], "title": "Fix memory leak in posix_clock_open()", "x_generator": { - "engine": "bippy-b4257b672505" + "engine": "bippy-d3b290d2becc" } } }, diff --git a/cve/published/2024/CVE-2024-26655.mbox b/cve/published/2024/CVE-2024-26655.mbox index 09d2dc47..1f1b2266 100644 --- a/cve/published/2024/CVE-2024-26655.mbox +++ b/cve/published/2024/CVE-2024-26655.mbox @@ -1,19 +1,8 @@ -From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2024-26655: Fix memory leak in posix_clock_open() -Message-Id: <2024040124-CVE-2024-26655-265a@gregkh> -Content-Length: 1586 -Lines: 48 -X-Developer-Signature: v=1; a=openpgp-sha256; l=1635; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=a5i7wrJFzySBsggnfUflXDMhVjseuVn8CX4H+NNZQvE=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGlcpye0z9XYtpCvO4tpLqeTCOMmw/YTy0VKkrbcUWzWP - jVJZYpBRywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAEykzoZhfnqcy/xDL87cr1yZ - v/W7pdG1LV90uRgWXF4ge/BpoNL7i2VaRRwrJvvM3fH1LAA= -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -33,6 +22,8 @@ The Linux kernel CVE team has assigned CVE-2024-26655 to this issue. Affected and fixed versions =========================== + Issue introduced in 6.7 with commit 60c6946675fc and fixed in 6.7.12 with commit a88649b49523 + Issue introduced in 6.7 with commit 60c6946675fc and fixed in 6.8.3 with commit 0200dd7ed233 Issue introduced in 6.7 with commit 60c6946675fc and fixed in 6.9-rc2 with commit 5b4cdd9c5676 Please see https://www.kernel.org for a full list of currently supported 
@@ -62,4 +53,6 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/a88649b49523e8cbe95254440d803e38c19d2341 + https://git.kernel.org/stable/c/0200dd7ed2335469955d7e69cc1a6fa7df1f3847 https://git.kernel.org/stable/c/5b4cdd9c5676559b8a7c944ac5269b914b8c0bb8 diff --git a/cve/published/2024/CVE-2024-26656.json b/cve/published/2024/CVE-2024-26656.json index 552f77f2..11a185ff 100644 --- a/cve/published/2024/CVE-2024-26656.json +++ b/cve/published/2024/CVE-2024-26656.json @@ -17,6 +17,24 @@ "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "1da177e4c3f4", + "lessThan": "e87e08c94c95", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "af054a5fb24a", + "status": "affected", + "versionType": "git" + }, + { + "version": "1da177e4c3f4", + "lessThan": "22f665ecfd12", + "status": "affected", + "versionType": "git" + }, { "version": "1da177e4c3f4", "lessThan": "22207fd5c801", @@ -31,6 +49,24 @@ "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "6.6.24", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.9-rc1", "lessThanOrEqual": "*", 
@@ -41,13 +77,22 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/e87e08c94c9541b4e18c4c13f2f605935f512605" + }, + { + "url": "https://git.kernel.org/stable/c/af054a5fb24a144f99895afce9519d709891894c" + }, + { + "url": "https://git.kernel.org/stable/c/22f665ecfd1225afa1309ace623157d12bb9bb0c" + }, { "url": "https://git.kernel.org/stable/c/22207fd5c80177b860279653d017474b2812af5e" } ], "title": "drm/amdgpu: fix use-after-free bug", "x_generator": { - "engine": "bippy-b4257b672505" + "engine": "bippy-d3b290d2becc" } } }, diff --git a/cve/published/2024/CVE-2024-26656.mbox b/cve/published/2024/CVE-2024-26656.mbox index 5021de01..4ece9f9d 100644 --- a/cve/published/2024/CVE-2024-26656.mbox +++ b/cve/published/2024/CVE-2024-26656.mbox @@ -1,19 +1,8 @@ -From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2024-26656: drm/amdgpu: fix use-after-free bug -Message-Id: <2024040247-CVE-2024-26656-ffaa@gregkh> -Content-Length: 7218 -Lines: 152 -X-Developer-Signature: v=1; a=openpgp-sha256; l=7371; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=Wr5SQocp1QkadKMtm+ufjM23rLw0gvJJUxV5sXbqsZ4=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGncC95P27XrzR1Pu4xa+6ftPnd3zNR3nvXh7GXtfFcbu - 3dBfPs1O2JZGASZGGTFFFm+bOM5ur/ikKKXoe1pmDmsTCBDGLg4BWAic3cyLJhx3fa7dEn4lm8P - evQnz98v+6Jkdx7DggNZ1RW/jraIlM3oURHnUKz+Z3T+FwA= -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -137,6 +126,9 @@ The Linux kernel CVE team has assigned CVE-2024-26656 to this issue. Affected and fixed versions =========================== + Fixed in 6.6.24 with commit e87e08c94c95 + Fixed in 6.7.12 with commit af054a5fb24a + Fixed in 6.8.3 with commit 22f665ecfd12 Fixed in 6.9-rc1 with commit 22207fd5c801 Please see https://www.kernel.org for a full list of currently supported 
@@ -166,4 +158,7 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/e87e08c94c9541b4e18c4c13f2f605935f512605 + https://git.kernel.org/stable/c/af054a5fb24a144f99895afce9519d709891894c + https://git.kernel.org/stable/c/22f665ecfd1225afa1309ace623157d12bb9bb0c https://git.kernel.org/stable/c/22207fd5c80177b860279653d017474b2812af5e diff --git a/cve/published/2024/CVE-2024-26657.json b/cve/published/2024/CVE-2024-26657.json index 92dbc0ef..d68735ed 100644 --- a/cve/published/2024/CVE-2024-26657.json +++ b/cve/published/2024/CVE-2024-26657.json @@ -17,6 +17,18 @@ "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "versions": [ + { + "version": "56e449603f0a", + "lessThan": "74cd204c7afe", + "status": "affected", + "versionType": "git" + }, + { + "version": "56e449603f0a", + "lessThan": "54b5b7275dfd", + "status": "affected", + "versionType": "git" + }, { "version": "56e449603f0a", "lessThan": "f34e8bb7d6c6", @@ -41,6 +53,18 @@ "status": "unaffected", "versionType": "custom" }, + { + "version": "6.7.12", + "lessThanOrEqual": "6.7.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.8.3", + "lessThanOrEqual": "6.8.*", + "status": "unaffected", + "versionType": "custom" + }, { "version": "6.9-rc2", "lessThanOrEqual": "*", 
@@ -51,13 +75,19 @@ } ], "references": [ + { + "url": "https://git.kernel.org/stable/c/74cd204c7afe498aa9dcc3ebf0ecac53d477a429" + }, + { + "url": "https://git.kernel.org/stable/c/54b5b7275dfdec35812ccce70930cd7c4ee612b2" + }, { "url": "https://git.kernel.org/stable/c/f34e8bb7d6c6626933fe993e03ed59ae85e16abb" } ], "title": "drm/sched: fix null-ptr-deref in init entity", "x_generator": { - "engine": "bippy-b4257b672505" + "engine": "bippy-d3b290d2becc" } } }, diff --git a/cve/published/2024/CVE-2024-26657.mbox b/cve/published/2024/CVE-2024-26657.mbox index 2c940160..7750b988 100644 --- a/cve/published/2024/CVE-2024-26657.mbox +++ b/cve/published/2024/CVE-2024-26657.mbox @@ -1,19 +1,8 @@ -From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From bippy-d3b290d2becc Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman To: Reply-to: , Subject: CVE-2024-26657: drm/sched: fix null-ptr-deref in init entity -Message-Id: <2024040250-CVE-2024-26657-25a0@gregkh> -Content-Length: 7470 -Lines: 161 -X-Developer-Signature: v=1; a=openpgp-sha256; l=7632; - i=gregkh@linuxfoundation.org; h=from:subject:message-id; - bh=18oronXDxMHZv8FA74pHpM7daJpNC3YtbrH+Q9LSLJM=; - b=owGbwMvMwCRo6H6F97bub03G02pJDGncCz7lqrEeaTw7/cCPCObHa9cw6zwwSyo6caxVP8ArJ - ZfV+f7BjlgWBkEmBlkxRZYv23iO7q84pOhlaHsaZg4rE8gQBi5OAZjIyiaG+VXzmlR9rnxjfrTv - YgjLkXrDZSJ/fjLML5SZl/UwMXPflaC1l5VbUw78eHVyEQA= -X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; - fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Description =========== @@ -146,6 +135,8 @@ The Linux kernel CVE team has assigned CVE-2024-26657 to this issue. Affected and fixed versions =========================== + Issue introduced in 6.7 with commit 56e449603f0a and fixed in 6.7.12 with commit 74cd204c7afe + Issue introduced in 6.7 with commit 56e449603f0a and fixed in 6.8.3 with commit 54b5b7275dfd Issue introduced in 6.7 with commit 56e449603f0a and fixed in 6.9-rc2 with commit f34e8bb7d6c6 Please see https://www.kernel.org for a full list of currently supported 
@@ -175,4 +166,6 @@ release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: + https://git.kernel.org/stable/c/74cd204c7afe498aa9dcc3ebf0ecac53d477a429 + https://git.kernel.org/stable/c/54b5b7275dfdec35812ccce70930cd7c4ee612b2 https://git.kernel.org/stable/c/f34e8bb7d6c6626933fe993e03ed59ae85e16abb -- cgit 1.2.3-korg